Linux OpenSSL sample configuration files
Updated 2011-09-11
Links:
OpenSSL.
These files allow setting a private, informal X509
CA
and/or to request the creation and issue X509 certificates.
These files contain an illustration of somewhat unusual but
often very useful features of X509 certificates, for example
having multiple Common Names
and multiple
domain names
and wildcard domain names,
and multiple email addresses.
Please note that because of some limitations in the OpenSSL
configuration files, all of the final files are generated by
preprocessing the corresponding .ini files listed
here, as specified in the
Makefile,
and the definitions common to all configuration files are contained
in the
default.ini.
All files contain extensive comments, and in particular
default.ini contains a suitable list of references.
Please read all these references carefully and several times.
Unfortunately CA operation and certificate generation, even for
a private, informal CA, involves difficult concepts and complicated
details, especially with OpenSSL, and it is not something to be
attempted without an in depth understanding of the general issues
and of the peculiarities related to OpenSSL.
You probably will need to customize all all the files
in this directory to adapt them to your case. As they are here,
they are set up for a private CA called Example
Ltd. and for this to accept a request and grant a
certificate for the domain example.com.
If you need a simpler approach to generate simple certificates,
the
GNU TLS
library comes with the
certtool
utility.
Name Last modified Size Description
![[PARENTDIR]](/icons/back.gif)
Parent Directory -
![[ ]](/icons/unknown.gif)
Makefile 2024-05-08 19:58 3.7K
![[ ]](/icons/hand.right.gif)
README 2017-04-14 23:42 912
com.example.mail_Pub.ini 2024-05-08 19:55 1.6K
com.example.mail_Req.ini 2024-05-08 19:56 2.5K
com.example.www_Pub.ini 2024-05-08 19:57 1.7K
com.example.www_Req.ini 2024-05-08 19:49 2.5K
com.example_CAPub.ini 2024-05-08 20:19 2.6K
default.ini 2024-05-08 20:12 15K